扫描报告
0 /100
godot-bridge
Godot 4.x Project Generator CLI. Create 2D/3D games with 80+ CLI commands: projects, scenes, scripts, levels, UI, game components, physics, particles, animations, materials, and export to HTML5/Windows/macOS/Linux/Android/iOS.
ClawBridge is a legitimate Godot 4.x project generator CLI with no malicious behavior detected. All functionality (filesystem writes, shell execution for `godot --path`) is documented, scoped, and necessary for game project generation.
可以安装
No action needed. The skill is safe to use.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | WRITE | WRITE | ✓ 一致 | SKILL.md metadata declares node binary; clawbridge.js uses fs.writeFileSync/mkdi… |
| 命令执行 | WRITE | WRITE | ✓ 一致 | clawbridge.js:728 — execSync('godot --path ...') only for the 'open' command |
| 网络访问 | READ | READ | ✓ 一致 | clawbridge.js:31 — http://www.w3.org/2000/svg in SVG icon; clawbridge.js:728 — h… |
| 环境变量 | NONE | NONE | — | No process.env access found |
| 剪贴板 | NONE | NONE | — | No clipboard module usage |
| 浏览器 | NONE | NONE | — | No browser automation |
| 数据库 | NONE | NONE | — | No database module usage |
| 技能调用 | NONE | NONE | — | No skill invocation |
2 项发现
中危 外部 URL 外部 URL
http://www.w3.org/2000/svg clawbridge.js:31 中危 外部 URL 外部 URL
https://godotengine.org clawbridge.js:728 目录结构
2 文件 · 40.2 KB · 909 行 JavaScript 1f · 740L
Markdown 1f · 169L
├─
clawbridge.js
JavaScript
└─
SKILL.md
Markdown
安全亮点
✓ No obfuscation (no base64, no eval with encoded strings)
✓ No credential harvesting or environment variable enumeration
✓ No network exfiltration or C2 communication
✓ No remote script execution (curl|bash, wget|sh)
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No supply chain risks — no external dependencies (no package.json, no requirements.txt)
✓ Documentation accurately reflects implementation behavior
✓ Shell execution (execSync) is scoped only to 'godot --path' for the documented 'open' command
✓ All filesystem writes are project-scoped within the generated game directory